aboutsummaryrefslogtreecommitdiff
path: root/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'manifests')
-rw-r--r--manifests/base/personal.pp4
-rw-r--r--manifests/role/jabber.pp2
-rw-r--r--manifests/role/nas.pp12
-rw-r--r--manifests/role/router.pp2
-rw-r--r--manifests/subsystem/apt.pp2
-rw-r--r--manifests/subsystem/dhclient.pp2
-rw-r--r--manifests/subsystem/grsec.pp3
-rw-r--r--manifests/subsystem/hibernate.pp6
-rw-r--r--manifests/subsystem/hostname.pp2
-rw-r--r--manifests/subsystem/hosts.pp2
-rw-r--r--manifests/subsystem/initramfs.pp6
-rw-r--r--manifests/subsystem/keyboard.pp4
-rw-r--r--manifests/subsystem/local.pp2
-rw-r--r--manifests/subsystem/locales.pp4
-rw-r--r--manifests/subsystem/macchanger/wicd.pp2
-rw-r--r--manifests/subsystem/media/folders.pp8
-rw-r--r--manifests/subsystem/modprobe.pp2
-rw-r--r--manifests/subsystem/motd.pp5
-rw-r--r--manifests/subsystem/nas/share.pp2
-rw-r--r--manifests/subsystem/pbuilder.pp2
-rw-r--r--manifests/subsystem/screen.pp2
-rw-r--r--manifests/subsystem/screen/startup.pp2
-rw-r--r--manifests/subsystem/ssh/config.pp2
-rw-r--r--manifests/subsystem/ssh/folder.pp2
-rw-r--r--manifests/subsystem/ssh/known_hosts.pp2
-rw-r--r--manifests/subsystem/ssh/local_key.pp4
-rw-r--r--manifests/subsystem/sudo.pp2
-rw-r--r--manifests/subsystem/sysctl.pp6
-rw-r--r--manifests/subsystem/sysctl/appliance.pp2
-rw-r--r--manifests/subsystem/sysctl/disable_ipv6.pp2
-rw-r--r--manifests/subsystem/sysctl/entry.pp2
-rw-r--r--manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp2
32 files changed, 54 insertions, 50 deletions
diff --git a/manifests/base/personal.pp b/manifests/base/personal.pp
index f1970bc..f4fe3d9 100644
--- a/manifests/base/personal.pp
+++ b/manifests/base/personal.pp
@@ -18,13 +18,13 @@ class nodo::base::personal {
# This is handled by "hydractl sync-media"
#file { [ "/var/data/code", "/var/data/crypt", "/var/data/crypt/home", "/var/data/load" ]:
# ensure => directory,
- # mode => 0755,
+ # mode => '0755',
# require => File['/var/cache/media'],
#}
# Development
file { [ "/var/cache/vagrant", "/var/cache/virtualbox", "/var/cache/qemu" ]:
ensure => directory,
- mode => 0755,
+ mode => '0755',
}
}
diff --git a/manifests/role/jabber.pp b/manifests/role/jabber.pp
index 59c2c87..c623cab 100644
--- a/manifests/role/jabber.pp
+++ b/manifests/role/jabber.pp
@@ -21,7 +21,7 @@ class nodo::role::jabber inherits nodo::base::virtual {
ensure => directory,
owner => "root",
group => "ejabberd",
- mode => 0750,
+ mode => '0750',
}
# We use a concatenated cert file
diff --git a/manifests/role/nas.pp b/manifests/role/nas.pp
index 492490e..9cdc0e1 100644
--- a/manifests/role/nas.pp
+++ b/manifests/role/nas.pp
@@ -101,7 +101,7 @@ class nodo::role::nas(
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
content => "no\n",
notify => Service[$pureftpd::params::service_name],
}
@@ -113,7 +113,7 @@ class nodo::role::nas(
},
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_avahi/services/ftp.service',
notify => $avahi ? {
true => Service['avahi-daemon'],
@@ -175,7 +175,7 @@ class nodo::role::nas(
},
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_avahi/services/samba.service',
notify => $avahi ? {
true => Service['avahi-daemon'],
@@ -202,7 +202,7 @@ class nodo::role::nas(
ensure => directory,
owner => root,
group => root,
- mode => 0755,
+ mode => '0755',
}
file { '/etc/avahi/services/http.service':
@@ -212,7 +212,7 @@ class nodo::role::nas(
},
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_avahi/services/http.service',
notify => $avahi ? {
true => Service['avahi-daemon'],
@@ -251,7 +251,7 @@ class nodo::role::nas(
},
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_avahi/services/rsync.service',
notify => $avahi ? {
true => Service['avahi-daemon'],
diff --git a/manifests/role/router.pp b/manifests/role/router.pp
index 9d04813..cd65a1e 100644
--- a/manifests/role/router.pp
+++ b/manifests/role/router.pp
@@ -19,7 +19,7 @@ class nodo::role::router inherits nodo::base::appliance {
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall'
}
}
diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp
index a93125e..85152d0 100644
--- a/manifests/subsystem/apt.pp
+++ b/manifests/subsystem/apt.pp
@@ -8,7 +8,7 @@ class nodo::subsystem::apt(
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
content => $ensure ? {
'present' => template("nodo/apt/${::operatingsystem}.sources.list.erb"),
default => undef,
diff --git a/manifests/subsystem/dhclient.pp b/manifests/subsystem/dhclient.pp
index 2f39076..e67a6e8 100644
--- a/manifests/subsystem/dhclient.pp
+++ b/manifests/subsystem/dhclient.pp
@@ -11,7 +11,7 @@ class nodo::subsystem::dhclient(
ensure => $ensure,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
require => Package['isc-dhcp-client'],
content => template('nodo/dhcp/dhclient.conf.erb'),
}
diff --git a/manifests/subsystem/grsec.pp b/manifests/subsystem/grsec.pp
index 7b90002..903371e 100644
--- a/manifests/subsystem/grsec.pp
+++ b/manifests/subsystem/grsec.pp
@@ -1,5 +1,6 @@
class nodo::subsystem::grsec {
include nodo::utils::security::grsec
+ include nodo::subsystem::grsec::group
nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock':
order => 'zz',
@@ -17,7 +18,7 @@ class nodo::subsystem::grsec {
file { "/etc/sysctl.d/grsec.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => $ensure,
source => "puppet:///modules/nodo/etc/sysctl.d/grsec.conf",
}
diff --git a/manifests/subsystem/hibernate.pp b/manifests/subsystem/hibernate.pp
index a036519..2efedad 100644
--- a/manifests/subsystem/hibernate.pp
+++ b/manifests/subsystem/hibernate.pp
@@ -11,7 +11,7 @@ class nodo::subsystem::hibernate(
file { "/etc/initramfs-tools/conf.d/resume":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
content => "RESUME=/dev/mapper/swap\n",
notify => Exec['update-initramfs'],
ensure => $enable ? {
@@ -23,7 +23,7 @@ class nodo::subsystem::hibernate(
file { "/etc/uswsusp.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/nodo/etc/uswsusp.conf',
require => Package['uswsusp'],
ensure => $enable ? {
@@ -35,7 +35,7 @@ class nodo::subsystem::hibernate(
file { "/etc/pm/config.d/00sleep_module":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
content => "SLEEP_MODULE=\"uswsusp\"\n",
require => Package['uswsusp'],
ensure => $enable ? {
diff --git a/manifests/subsystem/hostname.pp b/manifests/subsystem/hostname.pp
index 4dedcec..e835f1a 100644
--- a/manifests/subsystem/hostname.pp
+++ b/manifests/subsystem/hostname.pp
@@ -2,7 +2,7 @@ class nodo::subsystem::hostname {
file { "/etc/hostname":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "${::fqdn}\n",
}
diff --git a/manifests/subsystem/hosts.pp b/manifests/subsystem/hosts.pp
index cd7647e..341a827 100644
--- a/manifests/subsystem/hosts.pp
+++ b/manifests/subsystem/hosts.pp
@@ -9,7 +9,7 @@ class nodo::subsystem::hosts(
ensure => present,
owner => root,
group => root,
- mode => 0640,
+ mode => '0640',
source => "puppet:///modules/site_nodo/hosts/${::fqdn}",
}
}
diff --git a/manifests/subsystem/initramfs.pp b/manifests/subsystem/initramfs.pp
index 9abc00e..e6c9cfe 100644
--- a/manifests/subsystem/initramfs.pp
+++ b/manifests/subsystem/initramfs.pp
@@ -5,7 +5,7 @@ class nodo::subsystem::initramfs(
file { "/etc/kernel-img.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "do_initrd = Yes\n",
}
@@ -14,7 +14,7 @@ class nodo::subsystem::initramfs(
file { "/etc/initramfs-tools/modules":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
source => "puppet:///modules/nodo/etc/initramfs-tools/modules",
}
@@ -25,7 +25,7 @@ class nodo::subsystem::initramfs(
content => "KEYMAP=Y\n",
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
}
# Update initramfs when needed
diff --git a/manifests/subsystem/keyboard.pp b/manifests/subsystem/keyboard.pp
index b5241d7..64dcf57 100644
--- a/manifests/subsystem/keyboard.pp
+++ b/manifests/subsystem/keyboard.pp
@@ -4,7 +4,7 @@ class nodo::subsystem::keyboard {
ensure => present,
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
source => "puppet:///modules/site_nodo/keyboard/${::hostname}"
}
@@ -16,7 +16,7 @@ class nodo::subsystem::keyboard {
ensure => present,
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
source => "puppet:///modules/site_nodo/console/boottime.kmap.gz.${::hostname}"
}
}
diff --git a/manifests/subsystem/local.pp b/manifests/subsystem/local.pp
index 7021646..d6b7587 100644
--- a/manifests/subsystem/local.pp
+++ b/manifests/subsystem/local.pp
@@ -4,7 +4,7 @@ class nodo::subsystem::local {
"puppet:///modules/nodo/etc/rc.local" ],
owner => "root",
group => "root",
- mode => 0755,
+ mode => '0755',
ensure => present,
}
}
diff --git a/manifests/subsystem/locales.pp b/manifests/subsystem/locales.pp
index ee428a5..a30544e 100644
--- a/manifests/subsystem/locales.pp
+++ b/manifests/subsystem/locales.pp
@@ -9,7 +9,7 @@ class nodo::subsystem::locales {
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
}
file { 'locale-gen':
@@ -22,7 +22,7 @@ class nodo::subsystem::locales {
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
}
exec { "locale-gen":
diff --git a/manifests/subsystem/macchanger/wicd.pp b/manifests/subsystem/macchanger/wicd.pp
index 18ee263..414cb78 100644
--- a/manifests/subsystem/macchanger/wicd.pp
+++ b/manifests/subsystem/macchanger/wicd.pp
@@ -3,7 +3,7 @@ class nodo::subsystem::macchanger::wicd inherits nodo::subsystem::macchanger {
ensure => present,
owner => root,
group => root,
- mode => 0755,
+ mode => '0755',
source => 'puppet:///modules/nodo/etc/wicd/macchanger',
}
}
diff --git a/manifests/subsystem/media/folders.pp b/manifests/subsystem/media/folders.pp
index 4495bae..a745a54 100644
--- a/manifests/subsystem/media/folders.pp
+++ b/manifests/subsystem/media/folders.pp
@@ -7,19 +7,19 @@ class nodo::subsystem::media::folders(
# Removable media folders
file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]:
ensure => directory,
- mode => 0755,
+ mode => '0755',
}
# Local cache for general use
file { "/var/cache/${::hostname}":
ensure => directory,
- mode => 0755,
+ mode => '0755',
}
# Local media cache
file { "/var/cache/${::hostname}/media":
ensure => $cache,
- mode => 0755,
+ mode => '0755',
owner => $owner ? {
false => undef,
default => $owner,
@@ -39,7 +39,7 @@ class nodo::subsystem::media::folders(
# Code and load folders
file { [ "${base}/code", "${base}/load" ]:
ensure => directory,
- mode => 0755,
+ mode => '0755',
owner => $owner ? {
false => undef,
default => $owner,
diff --git a/manifests/subsystem/modprobe.pp b/manifests/subsystem/modprobe.pp
index e5e5498..90d9289 100644
--- a/manifests/subsystem/modprobe.pp
+++ b/manifests/subsystem/modprobe.pp
@@ -2,7 +2,7 @@ class nodo::subsystem::modprobe {
file { "/etc/modprobe.d/blacklist.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf",
}
diff --git a/manifests/subsystem/motd.pp b/manifests/subsystem/motd.pp
index ae59f9b..df671eb 100644
--- a/manifests/subsystem/motd.pp
+++ b/manifests/subsystem/motd.pp
@@ -5,11 +5,14 @@ class nodo::subsystem::motd(
if $message != '' {
$append = "${message}\n"
}
+ else {
+ $append = ''
+ }
file { "/etc/motd":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => file,
content => "This is ${::fqdn} from the ${network_name}.\n${append}",
}
diff --git a/manifests/subsystem/nas/share.pp b/manifests/subsystem/nas/share.pp
index e705e8d..94f8194 100644
--- a/manifests/subsystem/nas/share.pp
+++ b/manifests/subsystem/nas/share.pp
@@ -106,7 +106,7 @@ define nodo::subsystem::nas::share(
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => "puppet:///modules/site_avahi/services/nfs-${name}.service",
notify => Service['avahi-daemon'],
}
diff --git a/manifests/subsystem/pbuilder.pp b/manifests/subsystem/pbuilder.pp
index 4fa0fc4..d85cf68 100644
--- a/manifests/subsystem/pbuilder.pp
+++ b/manifests/subsystem/pbuilder.pp
@@ -3,7 +3,7 @@ class nodo::subsystem::pbuilder {
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/nodo/etc/pbuilderrc',
}
}
diff --git a/manifests/subsystem/screen.pp b/manifests/subsystem/screen.pp
index bcc2450..ba24c67 100644
--- a/manifests/subsystem/screen.pp
+++ b/manifests/subsystem/screen.pp
@@ -3,7 +3,7 @@ class nodo::subsystem::screen {
content => template('nodo/screen/screenrc.erb'),
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
}
}
diff --git a/manifests/subsystem/screen/startup.pp b/manifests/subsystem/screen/startup.pp
index 5ad2e1a..15f9b56 100644
--- a/manifests/subsystem/screen/startup.pp
+++ b/manifests/subsystem/screen/startup.pp
@@ -8,7 +8,7 @@ class nodo::subsystem::screen::startup(
content => template('nodo/screen/screenrc.erb'),
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
}
}
diff --git a/manifests/subsystem/ssh/config.pp b/manifests/subsystem/ssh/config.pp
index d790562..510a656 100644
--- a/manifests/subsystem/ssh/config.pp
+++ b/manifests/subsystem/ssh/config.pp
@@ -15,7 +15,7 @@ define nodo::subsystem::ssh::config(
ensure => present,
owner => $owner,
group => $group,
- mode => 0600,
+ mode => '0600',
require => File["${home}/.ssh"],
}
diff --git a/manifests/subsystem/ssh/folder.pp b/manifests/subsystem/ssh/folder.pp
index 45a9693..d22b9cb 100644
--- a/manifests/subsystem/ssh/folder.pp
+++ b/manifests/subsystem/ssh/folder.pp
@@ -10,7 +10,7 @@ define nodo::subsystem::ssh::folder(
ensure => $ensure,
owner => $owner,
group => $group,
- mode => 0700,
+ mode => '0700',
}
}
}
diff --git a/manifests/subsystem/ssh/known_hosts.pp b/manifests/subsystem/ssh/known_hosts.pp
index d49dc7d..0d81254 100644
--- a/manifests/subsystem/ssh/known_hosts.pp
+++ b/manifests/subsystem/ssh/known_hosts.pp
@@ -14,7 +14,7 @@ define nodo::subsystem::ssh::known_host(
ensure => present,
owner => $owner,
group => $group,
- mode => 0600,
+ mode => '0600',
require => File["${home}/.ssh"],
}
diff --git a/manifests/subsystem/ssh/local_key.pp b/manifests/subsystem/ssh/local_key.pp
index f311ea3..717f408 100644
--- a/manifests/subsystem/ssh/local_key.pp
+++ b/manifests/subsystem/ssh/local_key.pp
@@ -21,7 +21,7 @@ define nodo::subsystem::ssh::local_key(
ensure => $ensure,
owner => $owner,
group => $group,
- mode => 0400,
+ mode => '0400',
source => $ensure ? {
'present' => $source,
default => undef,
@@ -33,7 +33,7 @@ define nodo::subsystem::ssh::local_key(
ensure => $ensure,
owner => $owner,
group => $group,
- mode => 0400,
+ mode => '0400',
source => $ensure ? {
'present' => "${source}.pub",
default => undef,
diff --git a/manifests/subsystem/sudo.pp b/manifests/subsystem/sudo.pp
index 2e6b469..6c4efc0 100644
--- a/manifests/subsystem/sudo.pp
+++ b/manifests/subsystem/sudo.pp
@@ -14,7 +14,7 @@ class nodo::subsystem::sudo {
"puppet:///modules/nodo/etc/sudoers" ],
owner => "root",
group => "root",
- mode => 440,
+ mode => '0440',
require => Package["sudo"],
}
}
diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp
index aef4278..4329010 100644
--- a/manifests/subsystem/sysctl.pp
+++ b/manifests/subsystem/sysctl.pp
@@ -7,7 +7,7 @@ class nodo::subsystem::sysctl {
file { "/etc/sysctl.d/mmap_min_addr.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "vm.mmap_min_addr = 4096\n",
}
@@ -16,7 +16,7 @@ class nodo::subsystem::sysctl {
file { "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "net.ipv4.conf.all.promote_secondaries = 1\n",
}
@@ -31,7 +31,7 @@ class nodo::subsystem::sysctl {
file { "/etc/sysctl.d/kernel.printk.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "kernel.printk = ${printk_levels}\n",
}
diff --git a/manifests/subsystem/sysctl/appliance.pp b/manifests/subsystem/sysctl/appliance.pp
index 83c151c..23b1e96 100644
--- a/manifests/subsystem/sysctl/appliance.pp
+++ b/manifests/subsystem/sysctl/appliance.pp
@@ -2,7 +2,7 @@ class nodo::subsystem::sysctl::appliance($kernel_panic = hiera('nodo::sysctl::ap
file { "/etc/sysctl.d/kernel.panic.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "kernel.panic = ${kernel_panic}\n",
}
diff --git a/manifests/subsystem/sysctl/disable_ipv6.pp b/manifests/subsystem/sysctl/disable_ipv6.pp
index a6486a0..2404d8f 100644
--- a/manifests/subsystem/sysctl/disable_ipv6.pp
+++ b/manifests/subsystem/sysctl/disable_ipv6.pp
@@ -6,7 +6,7 @@ class nodo::subsystem::sysctl::disable_ipv6(
file { "/etc/sysctl.d/disable_ipv6.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => $ensure,
source => "puppet:///modules/nodo/etc/sysctl.d/disable_ipv6.conf",
}
diff --git a/manifests/subsystem/sysctl/entry.pp b/manifests/subsystem/sysctl/entry.pp
index 93230d5..2741aba 100644
--- a/manifests/subsystem/sysctl/entry.pp
+++ b/manifests/subsystem/sysctl/entry.pp
@@ -14,7 +14,7 @@ define nodo::subsystem::sysctl::entry(
file { "/etc/sysctl.d/${prefix}${name}.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => $ensure,
content => "$name = $value\n",
}
diff --git a/manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp b/manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp
index 2f6c753..c1f6650 100644
--- a/manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp
+++ b/manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp
@@ -8,7 +8,7 @@ class nodo::subsystem::sysctl::tcp_challenge_ack_limit(
file { "/etc/sysctl.d/tcp_challenge_ack_limit.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => $ensure,
content => "net.ipv4.tcp_challenge_ack_limit = 999999999\n",
}